I fixed the issue by "hard" coding the follwing lines in /usr/lib/python3/dist-packages/lava_server/settings/common.py

CSRF_COOKIE_SECURE = False
SESSION_COOKIE_SECURE = False
It's like it doesn't take in count my /etc/lava-server/settings.conf file.

Regards,
Axel

On Tue, 13 Nov 2018 at 16:45, Axel Lebourhis <axel.lebourhis@linaro.org> wrote:


On Tue, 13 Nov 2018 at 16:35, Neil Williams <neil.williams@linaro.org> wrote:

When changing /etc/lava-server/settings.conf ensure that the gunicorn
service is restarted

$ sudo service lava-server-gunicorn restart

 
This has been done.

This isn't about browser cookies - some browsers cache authentication
separately to cookies and sometimes it just needs a separate browser
to get passed an initial failure. e..g use firefox instead of chrome
and vice versa. Also it can be that all windows of the browser need to
be closed.

I tried on both Firefox and Chrome, nothing new.
 

> I don't understand, I made no modifications.

Unless you use https:// you need to modify at least
/etc/lava-server/settings.conf

The configuration needed to use http://localhost was already set in this file.
I modified directly the common.py file to set the default value to False.
Now I don't have the CSRF error anymore, but I'm still not logged in, back to starting point.

 
> On Tue, 13 Nov 2018 at 16:16, Neil Williams <neil.williams@linaro.org> wrote:
>>
>> On Tue, 13 Nov 2018 at 15:04, Axel Lebourhis <axel.lebourhis@linaro.org> wrote:
>> >
>> > Yes i'm using localhost and i'm using simple Django accounts.
>>
>> In which case you need to set the CSRF settings to allow login without
>> https as in the link I posted.
>>
>> https://master.lavasoftware.org/static/docs/v2/installing_on_debian.html?highlight=csrf#debugging-the-installation
>>
>> >
>> > On Tue, 13 Nov 2018 at 16:02, Neil Williams <neil.williams@linaro.org> wrote:
>> >>
>> >> On Tue, 13 Nov 2018 at 14:55, Axel Lebourhis <axel.lebourhis@linaro.org> wrote:
>> >> >
>> >> > Hi everyone,
>> >> >
>> >> > I have some troubles to log in my Web UI.
>> >>
>> >> Are you using http://localhost ? or are you trying to use http:// with
>> >> a domain name but have not set up https?
>> >>
>> >> If so, have you read the notes on CSRF support:
>> >> https://master.lavasoftware.org/static/docs/v2/installing_on_debian.html?highlight=csrf#debugging-the-installation
>> >>
>> >> Have you configured LDAP or are you using simple Django accounts?
>> >>
>> >> > I type the good password and username and then the website sends me back to the home page. If I type a wrong password, I get an error message. It does the same thing for all user accounts. Tried to restart lava services, apache2 but it's still doing the same thing. No error messages returned in logs.
>> >> >
>> >> > Best regards,
>> >> > Axel Le Bourhis
>> >> > _______________________________________________
>> >> > Lava-users mailing list
>> >> > Lava-users@lists.lavasoftware.org
>> >> > https://lists.lavasoftware.org/mailman/listinfo/lava-users
>> >>
>> >>
>> >>
>> >> --
>> >>
>> >> Neil Williams
>> >> =============
>> >> neil.williams@linaro.org
>> >> http://www.linux.codehelp.co.uk/
>>
>>
>>
>> --
>>
>> Neil Williams
>> =============
>> neil.williams@linaro.org
>> http://www.linux.codehelp.co.uk/



--

Neil Williams
=============
neil.williams@linaro.org
http://www.linux.codehelp.co.uk/